From 63c569c3d27cd85927c7ae87f6af93f1c951329f Mon Sep 17 00:00:00 2001 From: Mykola Baibuz Date: Sun, 25 Aug 2024 00:26:32 +0300 Subject: [PATCH] Setup routing for Linux IPSec --- client/protocols/ikev2_vpn_protocol_linux.cpp | 25 ++++++++++++++++++- client/protocols/ikev2_vpn_protocol_linux.h | 2 ++ ipc/ipcserver.cpp | 24 ++++++++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) diff --git a/client/protocols/ikev2_vpn_protocol_linux.cpp b/client/protocols/ikev2_vpn_protocol_linux.cpp index 6bf3205c..692531db 100644 --- a/client/protocols/ikev2_vpn_protocol_linux.cpp +++ b/client/protocols/ikev2_vpn_protocol_linux.cpp @@ -6,6 +6,8 @@ #include +#include "core/networkUtilities.h" + #include "logger.h" #include "ikev2_vpn_protocol_linux.h" #include "utilities.h" @@ -23,6 +25,11 @@ Ikev2Protocol::Ikev2Protocol(const QJsonObject &configuration, QObject* parent) { self = this; readIkev2Configuration(configuration); + m_routeGateway = NetworkUtilities::getGatewayAndIface(); + m_vpnGateway = "192.168.43.10"; + m_vpnLocalAddress = "192.168.43.10"; + m_remoteAddress = configuration.value(amnezia::config_key::hostName).toString(); + m_routeMode = configuration.value(amnezia::config_key::splitTunnelType).toInt(); } Ikev2Protocol::~Ikev2Protocol() @@ -43,7 +50,6 @@ void Ikev2Protocol::readIkev2Configuration(const QJsonObject &configuration) { QJsonObject ikev2_data = configuration.value(ProtocolProps::key_proto_config_data(Proto::Ikev2)).toObject(); m_config = QJsonDocument::fromJson(ikev2_data.value(config_key::config).toString().toUtf8()).object(); - } ErrorCode Ikev2Protocol::start() 
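Review bot: The constructor hard-codes both `m_vpnGateway` and `m_vpnLocalAddress` to `"192.168.43.10"`, so the two default routes added later in `connect_to_vpn` only point into the tunnel when the server happens to hand out that address. With a different virtual IP pool the routes presumably target a next hop that does not exist on the IPsec side, and traffic the user expects to be protected may not take the tunnel. The value should come from the negotiated connection or the configuration; until it does, mark it in place, e.g. `// FIXME: fixed tunnel gateway, must match the server's virtual IP pool`. `m_remoteAddress` is read from `hostName`, which may be a DNS name rather than an IP literal, and is later passed to `routeAddList` as a route destination; resolve it first if that call expects an address. The constructor's initializer list is outside the hunk.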
@@ -95,10 +101,27 @@ bool Ikev2Protocol::delete_vpn_connection(const QString &vpn_name){ //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ bool Ikev2Protocol::connect_to_vpn(const QString &vpn_name) { IpcClient::Interface()->startIPsec(vpn_name); + + QThread::msleep(3000); + +#if defined(Q_OS_LINUX) || defined(Q_OS_MACOS) + // killSwitch toggle + if (QVariant(m_config.value(config_key::killSwitchOption).toString()).toBool()) { + IpcClient::Interface()->enableKillSwitch(m_config, 0); + } +#endif + if (m_routeMode == 0) { + IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "0.0.0.0/1"); + IpcClient::Interface()->routeAddList(m_vpnGateway, QStringList() << "128.0.0.0/1"); + IpcClient::Interface()->routeAddList(m_routeGateway, QStringList() << m_remoteAddress); + } + IpcClient::Interface()->StopRoutingIpv6(); return true; } //~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ bool Ikev2Protocol::disconnect_vpn() { IpcClient::Interface()->stopIPsec("ikev2-vpn"); + IpcClient::Interface()->disableKillSwitch(); + IpcClient::Interface()->StartRoutingIpv6(); return true; } diff --git a/client/protocols/ikev2_vpn_protocol_linux.h b/client/protocols/ikev2_vpn_protocol_linux.h index 11ca2140..b4e2039d 100644 --- a/client/protocols/ikev2_vpn_protocol_linux.h +++ b/client/protocols/ikev2_vpn_protocol_linux.h @@ -35,6 +35,8 @@ private: private: QJsonObject m_config; + QString m_remoteAddress; + int m_routeMode; bool create_new_vpn(const QString & vpn_name, diff --git a/ipc/ipcserver.cpp b/ipc/ipcserver.cpp index 7034465c..6500af69 100644 --- a/ipc/ipcserver.cpp +++ b/ipc/ipcserver.cpp 
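Review bot: `connect_to_vpn` discards the result of `startIPsec`, sleeps a fixed three seconds, installs the routes and returns `true` whether or not the tunnel came up. A failed `ipsec up` therefore still ends with the client reporting a connection, and the kill switch, enabled only after the sleep, leaves a window before it applies. Keep the reply, e.g. `auto reply = IpcClient::Interface()->startIPsec(vpn_name);`, and return `false` before touching routes when it reports failure (how to read the value depends on the IPC reply type, which is not visible here). `disconnect_vpn` does not remove the routes added on connect, including the host route to `m_remoteAddress` via the original gateway; remove them there so a later connection does not inherit stale routes.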
@@ -310,6 +310,25 @@ bool IpcServer::disableKillSwitch() bool IpcServer::startIPsec(QString tunnelName) { +#ifdef Q_OS_LINUX +/* QProcess processSystemd; + QStringList commandsSystemd; + commandsSystemd << "systemctl" << "restart" << "ipsec"; + processSystemd.start("sudo", commandsSystemd); + if (!processSystemd.waitForStarted(1000)) + { + qDebug().noquote() << "Could not start ipsec tunnel!\n"; + return false; + } + else if (!processSystemd.waitForFinished(2000)) + { + qDebug().noquote() << "Could not start ipsec tunnel\n"; + return false; + } + commandsSystemd.clear(); + + QThread::msleep(2000); +*/ QProcess process; QStringList commands; commands << "ipsec" << "up" << QString("%1").arg(tunnelName); @@ -325,10 +344,13 @@ bool IpcServer::startIPsec(QString tunnelName) return false; } commands.clear(); +#endif + return true; } bool IpcServer::stopIPsec(QString tunnelName) { +#ifdef Q_OS_LINUX QProcess process; QStringList commands; commands << "ipsec" << "down" << QString("%1").arg(tunnelName); @@ -344,6 +366,8 @@ bool IpcServer::stopIPsec(QString tunnelName) return false; } commands.clear(); +#endif + return true; } bool IpcServer::writeIPsecConfig(QString config)
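Review bot: The new `#ifdef Q_OS_LINUX` branch of `startIPsec` opens with a long commented-out block that restarts ipsec through `sudo systemctl`; dead code of this kind in an IPC handler that presumably runs with elevated rights is hard to review and easy to re-enable by accident. Delete it, or replace it with one line stating the requirement, e.g. `// the ipsec service must already be running before "ipsec up"`. If the restart turns out to be needed, the service should not have to invoke `sudo` to do it. The rest of `startIPsec` lies outside this hunk.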
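Review bot: With the body now inside `#ifdef Q_OS_LINUX`, `startIPsec` falls through to `return true;` on every other platform without starting anything, and `stopIPsec` in the next hunk does the same. A caller cannot tell a no-op from a tunnel that is actually up or down. Add `#else` and `return false;` before the `#endif` in both functions. On Linux the visible lines return `true` once the process has finished; unless the part of the body outside the hunk checks `process.exitCode()`, a failed `ipsec up` is also reported as success.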